public static Options CreateClientOptions(string clientName, string tlsKey, string tlsPassword)
{
Options opts = ConnectionFactory.GetDefaultOptions();
opts.Servers = new string[] {
"nats://*****:*****@127.0.0.1:4000",
"nats://*****:*****@127.0.0.1:5000",
"nats://*****:*****@127.0.0.1:6000"
};
opts.Name = clientName;
opts.Secure = true;
X509Certificate2 cert = new X509Certificate2(tlsKey, tlsPassword);
opts.TLSRemoteCertificationValidationCallback += rcvcb;
opts.AddCertificate(cert);
opts.MaxReconnect = 3000;
opts.ReconnectWait = 1500;
opts.ClosedEventHandler += (sender, args) =>
{
Console.WriteLine("Client {0} CLOSED!.", clientName);
};
return(opts);
}
public void TestTlsSuccessWithCert()
{
using (NATSServer srv = util.CreateServerWithConfig("tls_1222_verify.conf"))
{
Options opts = util.DefaultTestOptions;
opts.Secure = true;
opts.Url = "nats://localhost:1222";
opts.TLSRemoteCertificationValidationCallback = verifyServerCert;
// .NET requires the private key and cert in the
// same file. 'client.pfx' is generated from:
//
// openssl pkcs12 -export -out client.pfx
// -inkey client-key.pem -in client-cert.pem
X509Certificate2 cert = new X509Certificate2(
UnitTestUtilities.GetFullCertificatePath("client.pfx"), "password");
opts.AddCertificate(cert);
using (IConnection c = new ConnectionFactory().CreateConnection(opts))
{
using (ISyncSubscription s = c.SubscribeSync("foo"))
{
c.Publish("foo", null);
c.Flush();
Msg m = s.NextMessage();
}
}
}
}
public void TestTlsFailWithBadAuth()
{
using (NATSServer srv = util.CreateServerWithConfig(TestContext, "tls_1222_user.conf"))
{
Options opts = ConnectionFactory.GetDefaultOptions();
opts.Secure = true;
opts.Url = "nats://*****:*****@localhost:1222";
opts.TLSRemoteCertificationValidationCallback = verifyServerCert;
// this will fail, because it's not complete - missing the private
// key.
opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath(
TestContext, "client-cert.pem"));
try
{
new ConnectionFactory().CreateConnection(opts);
}
catch (NATSException nae)
{
System.Console.WriteLine("Caught expected exception: " + nae.Message);
System.Console.WriteLine("Exception output:" + nae);
return;
}
Assert.Fail("Did not receive exception.");
}
}
private static Options RevocationCheckingOptions()
{
Options opts = ConnectionFactory.GetDefaultOptions();
opts.Url = Url;
opts.Secure = true;
X509Certificate2 cert = new X509Certificate2("client.pfx", "password");
opts.AddCertificate(cert);
opts.CheckCertificateRevocation = true;
return(opts);
}
public void TestTlsFailWithInvalidServerCert()
{
using (NATSServer srv = NATSServer.CreateWithConfig(Context.Server1.Port, "tls_verify.conf"))
{
Options opts = Context.GetTestOptions(Context.Server1.Port);
opts.Secure = true;
opts.TLSRemoteCertificationValidationCallback = verifyCertAlwaysFail;
// this will fail, because it's not complete - missing the private
// key.
opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath("client-cert.pem"));
Assert.ThrowsAny <NATSException>(() => Context.ConnectionFactory.CreateConnection(opts));
}
}
public void TestTlsFailWithBadAuth()
{
using (NATSServer srv = util.CreateServerWithConfig("tls_1222_user.conf"))
{
Options opts = util.DefaultTestOptions;
opts.Secure = true;
opts.Url = "nats://*****:*****@localhost:1222";
opts.TLSRemoteCertificationValidationCallback = verifyServerCert;
// this will fail, because it's not complete - missing the private
// key.
opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath("client-cert.pem"));
Assert.ThrowsAny <NATSException>(() => new ConnectionFactory().CreateConnection(opts));
}
}
public void TestTlsFailWithBadAuth()
{
using (NATSServer srv = NATSServer.CreateWithConfig(Context.Server1.Port, "tls_user.conf"))
{
Options opts = Context.GetTestOptions(Context.Server1.Port);
opts.Secure = true;
opts.Url = $"nats://*****:*****@localhost:{Context.Server1.Port}";
opts.TLSRemoteCertificationValidationCallback = verifyServerCert;
// this will fail, because it's not complete - missing the private
// key.
opts.AddCertificate(UnitTestUtilities.GetFullCertificatePath("client-cert.pem"));
Assert.ThrowsAny <NATSException>(() => Context.ConnectionFactory.CreateConnection(opts));
}
}
public NatsConnection(string connectionString)
{
string workingDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
clientCert = Path.GetFullPath(Path.Combine(workingDirectory, CLIENTCERT));
serverCert = Path.GetFullPath(Path.Combine(workingDirectory, SERVERCERT));
options = ConnectionFactory.GetDefaultOptions();
options.Url = connectionString;
options.Timeout = 10000;
options.Verbose = true;
if (File.Exists(serverCert))
{
options.Secure = true;
X509Certificate2 cert = new X509Certificate2(clientCert, PASSWORD);
options.AddCertificate(cert);
options.TLSRemoteCertificationValidationCallback = TLSRemoteCertificationValidationCallback;
}
options.ClosedEventHandler = ClosedEventHandler;
options.DisconnectedEventHandler = DisconnectedEventHandler;
connection = factory.CreateConnection(options);
Console.WriteLine($"NATS Server got connected");
}
